Google will notify users when it suspects they are being targeted by nation states or their private contractors via a pink ribbon at the top of the page (of a signed-in user).
It will state: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer”.
“When we have specific intelligence — either directly from users or from our own monitoring efforts — we show clear warning signs and put in place extra roadblocks to thwart these bad actors,” said Google’s vice president of security engineering Eric Grosse in a blog post.
It's probably welcome news for likely targets of state-sponsored attacks, but exactly which source of a ‘state-sponsored attack’ will warrant a Google warning is not known.
While attacks are alleged to have been launched from China on Google infrastructure aimed at human rights activists in China, the new warning system follows revelations that the Iran-focussed Stuxnet was a US-sponsored attack, even though that likely fell outside Google's view.
The more recently discovered espionage malware, Flame, which is only known to have targeted a small number of computers in the Middle East, did contain a module that listed Google as one of a dozen email services it would aim to spy on. Its makers have not been identified.
Besides how it decides which attacks to warn customers of, Google is also not revealing anything about the “detailed analysis” it conducts to be confident enough to warn a user that an attack is likely state-funded—and not just a financially motivated phishing or malware attack.
“We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis—as well as victim reports—strongly suggest the involvement of states or groups that are state-sponsored,” Grosse said.
Google does not guarantee the warning is confirmation the recipient is the target of a state, and could just as likely be a target of a phishing or malware campaign, meaning that it could be the precursor to an actual attack or not state-sponsored at all.
“We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information. And we will continue to update these notifications based on the latest information,” said Grosse.